174 matches found

ICS
added 2023/11/14 12:00 a.m. | 71 views

Siemens COMOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.8 CVSS | 9.7 AI score | 0.02591 EPSS
Exploits: 0 | References: 12

CNVD
added 2023/02/17 12:00 a.m. | 24 views

Siemens Comos Buffer Overflow Vulnerability

Siemens Comos is a plant engineering software solution from Siemens, a German company. Siemens Comos, used in the process industry, is vulnerable to a buffer overflow vulnerability that stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to execute...

10 CVSS | 4.3 AI score | 0.00813 EPSS
Exploits: 0 | References: 1

CISA
added 2023/02/16 12:00 a.m. | 25 views

CISA Releases Fifteen Industrial Control Systems Advisories

CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories f...

1.7 AI score
Exploits: 0 | References: 15

BDU FSTEC
added 2023/02/16 12:00 a.m. | 6 views

The vulnerability of the software cache verification mechanism for the design, operation, and maintenance of COMOS technological installations allows a perpetrator to execute arbitrary code.

The vulnerability of the software cache verification mechanism for the design, operation, and maintenance of COMOS technological installations is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary co...

10 CVSS | 8.4 AI score | 0.00813 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2023/02/14 11:15 a.m. | 25 views

CVE-2023-24482

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All...

10 CVSS | 9.7 AI score | 0.00813 EPSS
Exploits: 0 | References: 1

OSV
added 2023/02/14 11:15 a.m. | 3 views

CVE-2023-24482

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All...

9.8 CVSS | 7.9 AI score
Exploits: 0 | References: 1

Prion
added 2023/02/14 11:15 a.m. | 17 views

Design/Logic Flaw

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All...

7.5 CVSS | 9.6 AI score | 0.00813 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2023/02/14 10:36 a.m. | 64 views

CVE-2023-24482

CVE-2023-24482 affects Siemens COMOS, with SEH-based buffer overflow in the Cache validation service across V10.2 all versions through V10.4.2.0.25 (and older subreleases prior to fixed builds). Exploitation could lead to remote arbitrary code execution or denial of service. Siemens/Siemens Produ...

10 CVSS | 9.6 AI score | 0.00813 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/02/14 10:36 a.m. | 8 views

CVE-2023-24482

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All...

10 CVSS | 9.6 AI score | 0.00813 EPSS
Exploits: 0 | References: 1

Cvelist
added 2023/02/14 10:36 a.m. | 26 views

CVE-2023-24482

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All...

10 CVSS | 9.7 AI score | 0.00813 EPSS
Exploits: 0 | References: 1

CNNVD
added 2023/02/14 12:00 a.m. | 4 views

Siemens Comos Security Vulnerability

Siemens Comos is a plant engineering software solution from Siemens, a German company. Siemens Comos, used in the process industry, is vulnerable to a buffer overflow vulnerability that stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to execute...

10 CVSS | 8 AI score | 0.00813 EPSS
Exploits: 0 | References: 4

NCSC
added 2023/02/14 12:00 a.m. | 90 views

Vulnerabilities fixed in Siemens products

Siemens has fixed vulnerabilities in, among others, Scalance, TIA, SiPass, SIMATIC, COMOS, Brownfield, JT Open Toolkit, Mendix, RuggedCom and Solid Edge. The vulnerabilities would potentially allow a malicious actor to launch attacks that result in the following categories of damage:...

10 CVSS | 7.3 AI score | 0.83223 EPSS
Exploits: 7

ICS
added 2023/02/14 12:00 a.m. | 40 views

Siemens COMOS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

10 CVSS | 9.8 AI score | 0.00813 EPSS
Exploits: 0 | References: 11

ICS
added 2022/03/08 12:00 a.m. | 82 views

Siemens COMOS

1. EXECUTIVE SUMMARY: CVSS v3 7.8; ATTENTION: Low attack complexity; Vendor: Siemens; Equipment: COMOS; Vulnerabilities: Memory Allocation with Excessive Size Value, Untrusted Pointer Dereference, Type Confusion, Stack-based Buffer Overflow, Out-of-bounds Write, Out-of-bounds Read, Use After Free,...

7.8 CVSS | 9 AI score | 0.0323 EPSS
Exploits: 0 | References: 11

CNVD
added 2022/02/13 12:00 a.m. | 24 views

Siemens Comos code issue vulnerability

Siemens Comos is a plant engineering software solution from Siemens, a German company. A code issue vulnerability exists in Siemens Comos version V10.2, which stems from the COMOS Web component of COMOS allowing the upload and storage of arbitrary files on a Web server. An attacker could exploit...

7.5 CVSS | 4 AI score | 0.00847 EPSS
Exploits: 0 | References: 1

OSV
added 2022/02/09 4:15 p.m. | 4 views

CVE-2021-37194

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store...

7.5 CVSS | 7.1 AI score | 0.00847 EPSS
Exploits: 0 | References: 1

NVD
added 2022/02/09 4:15 p.m. | 26 views

CVE-2021-37194

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store...

7.5 CVSS | 0.00847 EPSS
Exploits: 0 | References: 1

Prion
added 2022/02/09 4:15 p.m. | 21 views

Design/Logic Flaw

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store...

5 CVSS | 7.6 AI score | 0.00847 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/02/09 3:16 p.m. | 94 views

CVE-2021-37194

CVE-2021-37194 affects Siemens COMOS, specifically the COMOS Web component. The vulnerability arises from an unrestricted upload mechanism that allows uploading and storing arbitrary files on the web server, enabling attackers to place malicious files. Affected are COMOS Web-enabled deployments: ...

7.5 CVSS | 7.3 AI score | 0.00847 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/02/09 3:16 p.m. | 18 views

CVE-2021-37194

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store...

7.5 AI score | 0.00847 EPSS
Exploits: 0 | References: 1